What is the last step of packet processing in the firewall?
A. check allowed ports
B. check Security Profiles
C. check Security policy
D. forwarding
... [Show More] lookup
B
Which interface type requires you to configure where the next hop is for various addresses?
A. tap
B. virtual wire
C. Layer 2
D. Layer 3
D
How do you enable the firewall to be managed through a data-plane interface?
A. You specify Web UI in the interface properties.
B. You specify Management in the interface properties.
C. You specify HTTPS in the Interface Management Profile, and then specify in the interface properties to use that profile.
D. You specify Management in the Interface Management Profile, and then specify in the interface properties to use that profile.
C
Some devices managed by Panorama have their external interface on ethernet1/1, some on ethernet1/2. However, the zone definitions for the external zone are identical. What is the recommended solution in this case?
A. Create two templates: one for the ethernet1/1 devices, one for the ethernet1/2 devices. Use the same external zone definitions in both. Apply those two templates to the appropriate devices.
B. Create three templates: one for the ethernet1/1 devices, one for the ethernet1/2 devices, and one with the external zone definitions. Use those templates to create two template stacks, one with the ethernet1/1 and external zone, another with the ethernet1/2 and external zone. Apply those two template stacks to the appropriate devices.
C. Create three templates: one for the ethernet1/1 devices, one for the ethernet1/2 devices, and one with the external zone definitions. Apply the external zone template to all devices, and the ethernet1/1 and ethernet1/2 as appropriate (you can apply up to five templates per device).
D. Create three template stacks: one for the ethernet1/1 devices, one for the ethernet1/2 devices, and one with the external zone definitions. Apply the external zone template to all devices, and the ethernet1/1 and ethernet1/2 as appropriate (you can apply up to five templates per device).
A
In a Panorama managed environment, which two options show the correct order of policy evaluation? (Choose two.)
A. device group pre-rules, shared pre-rules, local firewall rules, intrazone-default, interzone-default
B. device group pre-rules, local firewall rules, shared post-rules, device group post-rules, intrazone-default, interzone-default
C. device group pre-rules, local firewall rules, device group post-rules, shared post-rules, intrazone-default, interzone-default
D. device group pre-rules, local firewall rules, intrazone-default, interzone-default, device group post-rules, shared post-rules
E. shared pre-rules, device group pre-rules, local firewall rules, intrazone-default, interzone-default
CE
When you deploy the Palo Alto Networks NGFW on NSX, how many virtual network interfaces does a VM-Series firewall need?
A. two, one for traffic input and output and one for management traffic
B. four, two for traffic input and output and two for management traffic (for High Availability)
C. three, one for traffic input, one for traffic output, and one for management traffic
D. six, two for traffic input, two for traffic output, and two for management traffic (for High Availability)
C
Which source of user information is not supported by the NGFW?
A. RACF
B. LDAP
C. Active Directory
D. SAML
A
What is the main mechanism of packet-based vulnerability attacks?
A. malformed packets that trigger software bugs when they are received
B. excess packets that fill up buffers, thus preventing legitimate traffic from being processed
C. packets that get responses that leak information about the system
D. packets that either fill up buffers or get responses that leak information
A
Which method is not a PAN-OS software decryption method?
A. SSH Proxy
B. SSL Proxy
C. SSL Forward Proxy
D. SSL Inbound Inspection
B
What type of identification does an Application Override policy override?
A. App-ID
B. User-ID
C. Content-ID
D. Service
A
Which two types of protocols can cause an insufficient data value in the Application field in the Traffic log? (Choose two.)
A. UDP
B. TCP
C. ICMP
D. GRE
E. IGP
AB
Which three profile types are used to prevent malware executables from entering the network? (Choose three.)
A. Antivirus
B. Anti-Spyware
C. WildFire Analysis
D. File Blocking
E. Vulnerability Protection
F. Zone Protection
ACD
Which user credential detection method does not require access to an external directory?
A. group mapping
B. domain credential filter
C. LDAP
D. Certificate
D
Which object type has a property to specify whether it can transfer files?
A. Application
B. Service
C. User
D. User group
A
When destination NAT rules are configured, the associated security rule is matched using which parameters?
A. pre-NAT source zone and post-NAT destination zone
B. post-NAT source zone and pre-NAT destination zone
C. pre-NAT source zone and post-NAT destination IP address
E. post-NAT source zone and post-NAT destination zone
A [Show Less]